Re: Can't delete a corrupt user object
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Fri, 17 Nov 2006 20:36:18 -0500
If you are only locating this object on GCs and not on DCs of the domain that the object exists in, then you need to search the MSKB for the keyword lingering objects and do the steps specified. It involves using REPADMIN with the /removelingeringobject switch.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Pinkel wrote:
The user object with the square is in the Global Catalog on the root server from the parent domain. So, what i meant is: What can i do to fix this?.
"Joe Richards [MVP]" wrote:
What do you mean you have to delete the GC of the child domain?
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Pinkel wrote:Thanks Joe. Found it on the root server of the parent domain in the GC. Now we have to delete the GC of the clild domain. Can you advise about this?
"Joe Richards [MVP]" wrote:
Leave Exchange out of it until we understand what is going on AD. Exchange can complicate it because you have offline address books etc that can hold old info.
You need to query every DC in the domain that the user was created in and check to see if it there. Then check every global catalog in the forest to see if it is there. If you find the deleted user on any of those DCs, you have a replication problem you need to deal with.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Pinkel wrote:Dear Joe,
Thanks for your help. But now its changed. I will explane. Here is 1 parent domain and 5 child domains. One of the clild domains was made a user. For reasons the user is deleted and made again in the same OU. From there came the problem that the old user is corrupt. The deleted user and new user where in the same OU and shown in the global address book of exchange. When you do a search of each domain controller in each domain, you'll find the only the 2 users when you search on "Entire Directory".
Now i have moved (a week ago) the new user to an other OU. Now, in the domain of the users, the deleted user is gone when you do an "Entire Directory" search. But, when you do the same search from an other domain controller in one of the other domains, the user is still there. Even the user is shown in the global address book of Exchange.
Searching with LDP or ADSIEdit in the domain of the users, still i can not find the deleted user, only the new moved user.
For sure, i now its a problem with replication/sync between the different domains. But with RepMon, it did not show any problems. Maybe i have to wait for a little time more......
Please advise. Thanks.
greetings, Rink
"Joe Richards [MVP]" wrote:
The square control character is a newline and I can assure you that both ADSIEDIT and LDP can display it though the square may be displayed more correctly as \0A.
The names aren't the same, that was the reason the conflict (that is what CNF: stands for) occurred. So the conflict object is renamed to name\0ACNF:ObjectGuid
But yes, the objects should be in the same container unless someone moved it.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Pinkel wrote:ADSIEDIT and LDP won't show me the user with the square control character. Only the new user is visible. This is also on the Primary Domain Controller of the child domain, on the Backup Domain Controller, on the Primary and Secondary Domain Controller of the Parent Domain.
When i do a full search on the Entire Directory and find the user with the square control character, it sould be in the sam OU of the new user with the same name. So i'am looking right......
Please help
"Joe Richards [MVP]" wrote:
The user isn't corrupt, it is an object that experienced a replication conflict (or collision if you prefer).
ADSIEDIT and LDP both can delete this if you can locate it. In LDP use tree view mode and browse down to it. You should also be able to do this with ADSIEDIT. If you can't find it, either it was already deleted and the GAL is not getting updated (i.e. offline/cached) or you aren't looking in the right place.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Pinkel wrote:There are some corrupt user objects in AD. In the exchange addressbook, there is an user object that was deleted.
When you browse in the ad (UAC) where the object is placed, its not there. Only when search on "Entire Directory", then you find the user object like: Clarke,Andrew <square control character> CNF:6a70d5f5- 23d1-9cc2-8e96aff678c2. If you try to delete is, you get an error (Windows cannot delete object Clarke,Andrew <square control character> CNF:6a70d5f5- 23d1-9cc2-8e96aff678c2 because: Directory object not found.
I have used LDP and ADSIEdit, but with both tools i could not find the user object. When you make a new user with the same name (Clarke,Andrew), ad accepts it.
What can i do, to delete the corrupt user object from the ad and addressbook?
- References:
- Re: Can't delete a corrupt user object
- From: Pinkel
- Re: Can't delete a corrupt user object
- From: Joe Richards [MVP]
- Re: Can't delete a corrupt user object
- From: Pinkel
- Re: Can't delete a corrupt user object
- Prev by Date: Re: Forward lookup zone not automatically created for new domain i
- Next by Date: Re: Promote OU to Domain
- Previous by thread: Re: Can't delete a corrupt user object
- Next by thread: AD Restore disaster please help.........
- Index(es):
Relevant Pages
|
Loading
